| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Bug: http://b/185916167
Test: treehugger
Change-Id: I3407052df4f12b01acc4a75c6bd0759f7a4b2c4c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added SPDX-license-identifier-Apache-2.0 to:
applypatch/Android.bp
bootloader_message/Android.bp
edify/Android.bp
fuse_sideload/Android.bp
install/Android.bp
minadbd/Android.bp
minui/Android.bp
otautil/Android.bp
recovery_ui/Android.bp
recovery_utils/Android.bp
tests/Android.bp
tools/image_generator/Android.bp
tools/recovery_l10n/Android.bp
uncrypt/Android.bp
update_verifier/Android.bp
updater/Android.bp
updater/Android.mk
updater_sample/Android.bp
updater_sample/tests/Android.bp
Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-MIT
SPDX-license-identifier-OFL
to:
Android.bp
Android.mk
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Exempt-From-Owner-Approval: janitorial work
Change-Id: I3da761b525452838977297f773974000d4de7bd6
|
|
|
|
|
|
|
|
|
|
| |
libz contain platform dependent optimization flags, and sometimes that
cause reconstruction of blobs to fail. Use libz_stable instead
Bug: 177076632
Test: treehugger
Change-Id: I3a8c1591672537d1c754b2bc5b26f939dd80ed47
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a pretty simplistic approach, it just shoves random data at the
verifier. The OTA format isn't too complicated so this should hopefully
be sufficient to let the fuzzer exercise the potentially interesting
parsing code.
Test: Let the fuzzer run on device for awhile:
1) FUZZ=libinstall_verify_package_fuzzer
2) SANITIZE_TARGET=hwaddress make ${FUZZ}
3) cd ${ANDROID_PRODUCT_OUT} && adb root && adb sync data
4) adb shell /data/fuzz/arm64/${FUZZ}/${FUZZ}
Change-Id: Icac6bde017b497d9f92c06191eb29e107ba9c0a7
|
|\
| |
| |
| | |
Change-Id: I264469782af6ffab1c138edc01b577abb5fd2675
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The unit tests for imgpatch is comparing the compressed bytes. As
a result, these unit tests will fail with libz change.
Since the recovery image is just a gzipped ramdisk with some wrappings,
we can generate with minigzip it during the build time. This matches
the usage in the real world, where we generate the patch with the host
side libz; and apply the patch with the library on the device.
Bug: 149443852
Test: tests pass on Pixel3
Change-Id: I7885765a161c6bf765671bc55a72cfcaa04b4138
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The non-A/B package installation is subject to TOC/TOU flaw if the
attacker can switch the package in the middle of installation. And the
most pratical case is to store the package on an external device, e.g. a
sdcard, and swap the device in the middle.
To prevent that, we can adopt the same protection as used in sideloading
a package with FUSE. Specifically, when we install the package with FUSE,
we read the entire package to cryptographically verify its signature.
The hash for each transfer block is recorded in the memory (TOC), and
the subsequent reads (TOU) will be rejected upon dectecting a mismatch.
This CL forces the package installation with FUSE when the package stays
on a removable media.
Bug: 136498130
Test: Run bin/recovery --update_package with various paths;
and packages are installed from FUSE as expected
Test: recovery_unit_test - no new failures
Change-Id: Ia5afd19854c3737110339fd59491b96708926ae5
Merged-In: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit 5e6c4e9a91674826bf11cab604250b41a9326fd8.
Reason for revert: BUG: 149432069 - build failure on git_qt-qpr1-dev-plus-aosp on docs. 'otautil/roots.h' file not found is the error.
Forrest run: https://android-build.googleplex.com/builds/forrest/run/L85900000460577420
Change-Id: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
Merged-In: I35119c2334895aa0ef4ed71b3ddd08f280c0c031
|
|\| |
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The non-A/B package installation is subject to TOC/TOU flaw if the
attacker can switch the package in the middle of installation. And the
most pratical case is to store the package on an external device, e.g. a
sdcard, and swap the device in the middle.
To prevent that, we can adopt the same protection as used in sideloading
a package with FUSE. Specifically, when we install the package with FUSE,
we read the entire package to cryptographically verify its signature.
The hash for each transfer block is recorded in the memory (TOC), and
the subsequent reads (TOU) will be rejected upon dectecting a mismatch.
This CL forces the package installation with FUSE when the package stays
on a removable media.
Bug: 136498130
Test: Run bin/recovery --update_package with various paths;
and packages are installed from FUSE as expected
Test: recovery_component_test - all passing
Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
Merged-In: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
|
|/
|
|
|
|
|
|
|
| |
This library is empty, and its functionality has moved
into libbinder/libhwbinder.
Bug: 148692216
Test: N/A
Change-Id: Ie50d9130a8e43de7d5b222883169c26ab958e6d7
|
|\ |
|
| |
| |
| |
| |
| | |
Bug: 146456667
Change-Id: I839223d8fbc365fd3271634143b117604f6aa879
|
|/
|
|
|
|
| |
Test: sideload OTA
Bug: 139300422
Change-Id: I3369b69242ccd7a64540a0c2d754a5d6fc50d072
|
|
|
|
|
|
|
|
|
|
|
| |
A number of utility functions are intended for serving recovery's own
use. Exposing them via libotautil (which is a static lib) would pass the
dependencies onto libotautil's users (e.g. recovery image, updater, host
simulator, device-specific recovery UI/updater extensions etc). This CL
finds a new home for the utils that are private to recovery.
Test: mmma bootable/recovery
Change-Id: I575e97ad099b85fe1c1c8c7c9458a5a43d4e11e1
|
|
|
|
|
|
| |
Bug: 141272654
Test: TreeHugger (recovery_unit_test no longer fails)
Change-Id: I47cbee274e659e3d90be5a77b215466d2973c7d6
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tested by running recovery_unit_test as described in
https://android.googlesource.com/platform/bootable/recovery/+/refs/heads/master/README.md
Attempted to build and boot a recovery image with the
same change to confirm it still works, but
m recoveryimage-nodeps
fails for me.
Bug: 140940227
Test: See above
Change-Id: I00545968a0e5684823e505f2ddbe7e993319b5d4
|
|
|
|
|
|
|
|
| |
No longer needed.
Bug: 135558503
Test: build only
Change-Id: Ia1257513c6276cdb01604fbedb411e7412d02b84
|
|
|
|
|
|
|
|
| |
Stop building libimgpatch as it's merely a subset of libapplypatch.
Test: unit tests pass
Change-Id: I0735ec053344404434a50e53a36e3f55964c2e4f
|
|
|
|
|
|
|
|
| |
Stop building libimgdiff on device because we are only running
patching there.
Test: unit tests pass
Change-Id: I4225c6b52a536617301a64c405e325799a303b40
|
|
|
|
|
|
|
|
|
| |
Make sure the simulator succeeds executing common non-A/B update
functions.
Bug: 131911365
Test: run unit tests
Change-Id: I520ce6a8827539b88a9e36f9e67eec30d8b586d4
|
|
|
|
|
|
|
|
|
|
|
| |
Implement the simulator runtime and build the updater simulator as a host
executable. The code to parse the target-files and mocks the block devices
will be submitted in the follow-up.
Bug: 131911365
Test: unit tests pass
Change-Id: Ib1ba939aec8333ca68a45139514d772ad7a27ad8
|
|
|
|
|
|
|
|
|
|
| |
Adds a fuse data provider that parses the metadata from a block map,
reads the data from the given ranges of the block device; and provides
the data to the fuse.
Bug: 127071893
Test: unit tests pass, install a package from block map
Change-Id: Ie9925ee9144e98642505b3f5e1a4a186d2b21ed0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most of the tests in component/ are in fact unit tests. And it doesn't
look practically beneficial to distinguish between the two:
- They have the same test setup;
- We always run both (recovery_unit_test and recovery_component_test)
at the same time;
- Breaking any of them would be equally bad.
This CL merges the tests in recovery_component_test into
recovery_unit_test to save the effort to maintain both.
Test: Run recovery_unit_test on marlin (via `adb sync data`).
Test: `atest recovery_unit_test`
Change-Id: I93ff32e7219cd83425a4bcfe5613978a8dd48d75
|
|
|
|
|
|
|
|
|
| |
Also remove the AndroidTest.xml file, which is no longer needed (the
`data` property in Android.bp takes care of that). The AndroidTest.xml
file would otherwise block `atest recovery_host_test` from running.
Test: TreeHugger; check the test result.
Change-Id: If545878a1f3ae627986e19a94b42162f133b9098
|
|
|
|
|
|
|
|
| |
Build libinstall as a shared library. Also drop the dependency on the
global variables in common.h.
Test: unit tests pass, sideload an OTA
Change-Id: I30a20047768ce00689fc0e7851c1c5d712a365a0
|
|
|
|
|
|
|
|
|
| |
This is another implementation of the Package class. And we will later
need it when reading the package from FUSE.
Bug: 127071893
Test: unit tests pass, sideload a file package on sailfish
Change-Id: I3de5d5ef60b29c8b73517d6de3498459d7d95975
|
|
|
|
|
|
|
|
|
| |
This reverts commit 9ce1d14ef621459a4ac62ee1bda0b9f51cfa4c38.
Reason for revert: AOSP is fixed with new vendor image
Change-Id: Ie5a9748acdae22a2b9862cb2ecedda7031f77264
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
|
|
|
|
|
|
|
|
|
| |
This reverts commit 62d0c7873cf81d63078b932edd23ae78677408cd.
Reason for revert: Broke AOSP
Change-Id: I88ef00ebce797f7fdca3678ab93fcae364453a8c
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because set_sched_policy is moved into libprocessgroup an additional
dependency is requred for recovery_component_test to build.
Exempt-From-Owner-Approval: janitorial
Bug: 111307099
Test: builds, boots
Merged-In: I7cf75e473ee1e2837940606c71d15be26db0c3f2
Change-Id: I7cf75e473ee1e2837940606c71d15be26db0c3f2
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Move some mounting functionalities to libfs_mgr.
Test: run recovery tests
Bug: 118634720
Bug: 113182233
Change-Id: Ie59376664a744992429f0262ec96d13a1aed30f9
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug: http://b/119560349
Bug: http://b/112277682
Currently, any binary links in a PGO-enabled static library also needs
to opt into PGO. With b/119560349, this should be done automatically by
the build system. Until then, use the non-PGO version of libhwbinder in
recovery_component_test.
Test: m ANDROID_PGO_INSTRUMENT=all
Change-Id: Ic6e44c1cb6d6f13e60e11a46fd7e5ef54238942b
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dependency."
This reverts commit 26b86bb1dc895881cf507dfab0850c47c68c2779.
Reason for revert: Dependencies which broke tests due to exclusion from
LOCAL_JNI_SHARED_LIBS have been added.
Change-Id: I364acfe8bd0526fb26f69cc29fb3545fc3e79764
|
|/
|
|
|
| |
Test: Ran tests.
Change-Id: I5fa99f7b6b03c7b9247b4f340f3df982063b0e3e
|
|
|
|
|
|
|
|
| |
This reverts commit a71c10b46427388932c662ffe59f6513fd5227c0.
Reason for revert: This breaks framework tests and blocks presubmit
Change-Id: Iae94878889c1e71e2da5336fe75af88dfd3bfcfa
|
|
|
|
|
|
|
|
|
|
|
| |
Bug: 110364143
Bug: 114311116
Test: mm -j64
Change-Id: I3b9174443b00ad57be60881736afde7647351bd1
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
|
|
|
|
|
|
|
|
|
|
| |
Now it's less beneficial to inject I/O faults since we don't see many of
them. Remove the library that mocks I/O failures. And switch to android::base
I/O when possible.
Bug: 113032079
Test: unit tests pass
Change-Id: I9f2a92b7ba80f4da6ff9e2abc27f2680138f942c
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This file was somehow missed when converting from Android.mk to
Android.bp. This CL addresses the issue by picking up all the .cpp files
in the test source dir.
Test: Run recovery_{unit,component}_test on marlin. Check the reported
number of tests (94 for unit test and 157 for component test).
Change-Id: I50435b07fcb8602ef7b3f7e7d3a69e10b6a5932d
|
|/
|
|
|
|
|
| |
recovery_host_test is now excluded from darwin targets as its
dependency libimgdiff is.
Change-Id: I6aa085125109ed2218572df97f35289b71c354ab
|
|
Also separate libupdater_defaults out to be shareable.
It turns out the `data` property in `cc_test` doesn't follow symlinks as
LOCAL_TEST_DATA does in Android.mk. This CL creates a filegroup in
top-level Android.bp in order to pick up the testdata for ResourcesTest.
Test: `mmma -j bootable/recovery` with aosp_marlin-userdebug
Test: Run recovery_{unit,component,manual}_test on marlin.
Test: Run recovery_host_test.
Change-Id: I4532ab25aeb83c0b0baa8051d5fe34ba7b910a35
|